This is a discussion on stupid firestarter error messages within the Linux Security forums, part of the System Security and Security Related category.
In '/etc/ppp/ip-up.local', I have

--------------- quote ---------------
#!/bin/bash
echo -e "\nreinstall firewall ..." >> $LOGFILE
sh /etc/firestarter/firestarter.sh start >> $LOGFILE
-------------- unquote --------------

Afterwards, logfile contains

--------------- quote ---------------
reinstall firewall ...
Fatal error: Your kernel does not support iptables.
Firewall not started
-------------- unquote --------------

However, if I issue the command

sh /etc/firestarter/firestarter.sh start

*after* the ppp link is up, i.e., in the context (as shown by the output from ifconfig)

--------------- quote ---------------
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:70 errors:0 dropped:0 overruns:0 frame:0
          TX packets:70 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:4812 (4.6 Kb)  TX bytes:4812 (4.6 Kb)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:<--*-->  P-t-P:<--*-->  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:5 errors:1 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:162 (162.0 b)  TX bytes:87 (87.0 b)

wlan0     Link encap:Ethernet  HWaddr <--*-->
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
-------------- unquote --------------

firestarter says

--------------- quote ---------------
iptables v1.2.11: host/network `wlan0' not found
Try `iptables -h' or 'iptables --help' for more information.
Firewall started
-------------- unquote -------------

and 'iptables -L' says

--------------- quote ---------------
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  ns1.smart.net        anywhere            tcp flags:!SYN,RST,ACK/SYN
ACCEPT     udp  --  ns1.smart.net        anywhere
ACCEPT     tcp  --  ns2.smart.net        anywhere            tcp flags:!SYN,RST,ACK/SYN
ACCEPT     udp  --  ns2.smart.net        anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            limit: avg 10/sec burst 5
.... etc.
-------------- unquote --------------

So, mister whoever wrote the two error messages shown above, as you can see, "my" kernel supports iptables very nicely, thank you, and my wireless LAN is alive and well.

The problem would appear to be that you don't know what you are talking about.
On Mon, 21 Mar 2005 23:04:30 +0000, user wrote:
> In '/etc/ppp/ip-up.local', I have
>
> --------------- quote ---------------
> #!/bin/bash
> echo -e "\nreinstall firewall ..." >> $LOGFILE
> sh /etc/firestarter/firestarter.sh start >> $LOGFILE
> -------------- unquote --------------
>
> Afterwards, logfile contains
>
> --------------- quote ---------------
> reinstall firewall ...
> Fatal error: Your kernel does not support iptables.
> Firewall not started
> -------------- unquote --------------
> [...]
>
> So, mister whoever wrote the two error messages shown above, as you can
> see, "my" kernel supports iptables very nicely, thank you, and my
> wireless LAN is alive and well.
>
> The problem would appear to be that you don't know what you are talking
> about.

The offending messages may not be coming from your /etc/firestarter/firestarter.sh script, but possibly from a sub-process. You can validate that with results from:

grep -A5 -B5 "Fatal" /etc/firestarter/firestarter.sh
grep "does not support" -A5 -B5 /etc/firestarter/firestarter.sh

.... and so on. If you do find those strings in your script, the above commands may help to understand why they are appearing.

Don't know why your wlan0 isn't found; don't suppose that's related to the first issue (!?).

(Glad to hear that your firewall is apparently working. Have you tested it?)

Best wishes.
On Mon, 21 Mar 2005 21:11:22 -0500, Newsbox wrote:
[...]
> grep "does not support" -A5 -B5 /etc/firestarter/firestarter.sh
>

Oops! Believe that should have said

grep -A5 -B5 "does not support" /etc/firestarter/firestarter.sh

[...]
> Best wishes.
Newsbox wrote:
> On Mon, 21 Mar 2005 21:11:22 -0500, Newsbox wrote:
>
> [...]
>
>> grep "does not support" -A5 -B5 /etc/firestarter/firestarter.sh
>>
>
> Oops! Believe that should have said
>
> grep -A5 -B5 "does not support" /etc/firestarter/firestarter.sh
>
> [...]
>
>> Best wishes.

[root]:/etc/firestarter/$ grep -i -A5 -B5 support firestarter.sh
[root]:/etc/firestarter/$

i.e., nothing.
user wrote:
> Newsbox wrote:
>
>> On Mon, 21 Mar 2005 21:11:22 -0500, Newsbox wrote:
>>
>> [...]
>>
>>> grep "does not support" -A5 -B5 /etc/firestarter/firestarter.sh
>>>
>>
>> Oops! Believe that should have said
>> grep -A5 -B5 "does not support" /etc/firestarter/firestarter.sh
>>
>> [...]
>>
>> ....
>
> [root]:/etc/firestarter/$ grep -i -A5 -B5 support firestarter.sh
> [root]:/etc/firestarter/$
>
> i.e., nothing.

However, the file '/etc/firestarter/firewall' contains

-------------- quote -------------
# Make sure the test chains does not exist
$IPT -F test 2> /dev/null
$IPT -X test 2> /dev/null
if [ "$NAT" = "on" ]; then
    $IPT -t nat -F test 2> /dev/null
    $IPT -t nat -X test 2> /dev/null
fi

# Iptables support check, mandatory feature
if [ "`$IPT -N test 2>&1`" ]; then
    echo Fatal error: Your kernel does not support iptables.
    return 100
fi
------------- unquote ------------

The intent of

$IPT -t nat -F test 2> /dev/null
$IPT -t nat -X test 2> /dev/null

would appear to be to flush any iptables chain named "test", and the intent of

if [ "`$IPT -N test 2>&1`" ]; then
    echo Fatal error: Your kernel does not support iptables.
    return 100
fi

would appear to be to try to then create an iptables chain named "test" and, failing that, to issue the error message in question.

Question is, why does this test fail when '/etc/firestarter/firestarter.sh' (which sources '/etc/firestarter/firewall') is invoked from '/etc/ppp/ip-up.local', yet succeed when '/etc/firestarter/firestarter.sh' is invoked from the command line?

Anyone?
On Tue, 22 Mar 2005 05:36:58 +0000, user wrote:
> user wrote:
>> Newsbox wrote:
>>
>>> On Mon, 21 Mar 2005 21:11:22 -0500, Newsbox wrote:
>>>
>>> [...]
>>>
> Question is, why does this test fail when
> '/etc/firestarter/firestarter.sh'
> (which sources '/etc/firestarter/firewall') is invoked from
> '/etc/ppp/ip-up.local',
> yet succeed when '/etc/firestarter/firestarter.sh' is invoked from the
> command line?
>
> Anyone?

Does:

[root]# echo $IPT

tell you anything? If it's set to a null string that could change the result. ... IDK, just a thought.

http://nessus.org/ has some scanning and reporting capabilities that can check your firewall if you don't have another way to do it. If you are having unresolved questions about how your firewall is or isn't working it might not be a bad idea to check that it is indeed doing what you think and hope for. Knowledge for its own sake might be OK, but being reassured about your system's security and integrity would seem to me to be a higher priority. But that's just my opinion.
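The check quoted from /etc/firestarter/firewall two posts up, and the 'echo $IPT' hint just above, can be replayed without root and without a real kernel. The script below is an added example written for this page, not code from the thread or from firestarter: it runs the same `[ "`$IPT -N test 2>&1`" ]` test with the iptables path passed in explicitly, against two constructed stub binaries (one that behaves like a working iptables, one that fails every call), and then a stricter check that tells "binary not found" apart from "kernel refused". The function names, the stubs and their messages, and the assumption that a hook such as /etc/ppp/ip-up.local runs with a PATH different from the interactive root shell are all mine. The separate `host/network 'wlan0' not found` message is not covered.

```shell
#!/bin/sh
# Added example (not from the thread or from firestarter). It replays the
# "kernel does not support iptables" test from /etc/firestarter/firewall with
# the iptables path made explicit, so the false positive can be shown without
# root and without touching netfilter: constructed stub binaries stand in for
# the real iptables.

# Write a stub 'iptables' into a fresh temp dir and print its path.
#   good   : -N / -X succeed silently, as on a kernel with iptables support
#   broken : every call fails noisily (message and exit code are made up
#            for the stub, not copied from real iptables)
make_stub_iptables() {
    dir=$(mktemp -d) || return 1
    if [ "$1" = good ]; then
        cat > "$dir/iptables" <<'EOF'
#!/bin/sh
case "$1" in
    -N|-X) exit 0 ;;
    *)     echo "stub iptables: unsupported arguments: $*" >&2; exit 2 ;;
esac
EOF
    else
        cat > "$dir/iptables" <<'EOF'
#!/bin/sh
echo "stub iptables: can't initialize table 'filter' (module missing?)" >&2
exit 3
EOF
    fi
    chmod 755 "$dir/iptables"
    echo "$dir/iptables"
}

# Firestarter's test as quoted above: IPT is whatever the caller hands in, and
# *any* text from '$IPT -N test' (stderr included) is read as "no iptables".
# Returns 100 on "fatal", 0 otherwise.
firestarter_check() {
    IPT="$1"
    $IPT -X test 2>/dev/null || true          # drop a stale test chain
    if [ "`$IPT -N test 2>&1`" ]; then
        echo "Fatal error: Your kernel does not support iptables."
        return 100
    fi
    $IPT -X test 2>/dev/null || true
    return 0
}

# Stricter version of the same test:
#   1. resolve the binary now instead of silently trusting the caller's PATH,
#   2. judge by exit status, not by "printed anything",
#   3. tell "no binary" (101) apart from "kernel refused" (100).
hardened_check() {
    ipt="$1"
    case "$ipt" in
        /*) ;;                                             # absolute: use as is
        '') for c in /sbin/iptables /usr/sbin/iptables; do # fixed fallbacks
                if [ -x "$c" ]; then ipt="$c"; break; fi
            done ;;
        *)  ipt=$(command -v "$ipt" 2>/dev/null) || ipt="" ;;  # bare name
    esac
    if [ ! -x "$ipt" ]; then
        echo "Fatal error: iptables binary not found (PATH=$PATH)" >&2
        return 101
    fi
    "$ipt" -X test 2>/dev/null || true
    if ! "$ipt" -N test 2>/dev/null; then
        echo "Fatal error: $ipt cannot create a chain (kernel or module problem)" >&2
        return 100
    fi
    "$ipt" -X test 2>/dev/null || true
    return 0
}

# Run hardened_check under a given PATH, in a subshell so nothing leaks. This
# mimics a hook such as /etc/ppp/ip-up.local running with a PATH other than
# the admin's interactive shell (an assumption about the poster's setup, in
# line with the 'echo $IPT' hint above).
check_under_path() {   # $1 = PATH to use, $2 = iptables as the script names it
    ( PATH="$1"; export PATH; hardened_check "$2" )
}

report() {             # $1 = label, rest = command; prints the exit status
    label=$1; shift
    rc=0; "$@" >/dev/null 2>&1 || rc=$?
    echo "$label -> exit $rc"
}

GOOD=$(make_stub_iptables good)
BROKEN=$(make_stub_iptables broken)
# expected exits, top to bottom: 0, 100, 100, 0, 101, 0, 100
report "firestarter_check, good stub          " firestarter_check "$GOOD"
report "firestarter_check, IPT empty          " firestarter_check ""
report "firestarter_check, broken stub        " firestarter_check "$BROKEN"
report "hardened_check, good stub             " hardened_check "$GOOD"
report "hardened_check, bare name not in PATH " check_under_path /nonexistent iptables
report "hardened_check, bare name in PATH     " check_under_path "${GOOD%/iptables}" iptables
report "hardened_check, broken stub           " hardened_check "$BROKEN"
rm -rf "${GOOD%/iptables}" "${BROKEN%/iptables}"
```

The second line of output is the whole story of the thread's error: with IPT empty, `$IPT -N test` becomes the command `-N test`, the shell's "command not found" lands on stderr, `2>&1` folds it into the backticks, and the non-empty string makes firestarter announce a kernel problem that does not exist. The same happens if IPT is a bare `iptables` and the environment pppd hands to ip-up.local has a PATH that cannot resolve it, while the same script from a root shell resolves it fine. So the practical check is `echo $IPT` and `echo $PATH` from inside ip-up.local (append them to $LOGFILE), and the fix is an absolute path for IPT or an explicit PATH at the top of the hook. The stricter version also shows why "judge by exit status, not by output" matters: a harmless warning on stderr would otherwise be fatal too.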